The Global Threat Effect – ICD Brief 26.

ICD Brief 26.

16.01.2017. – 22.01.2017.

This week’s oversized edition features updates from the the US, Australia, Baltics, China, India, Israel, Japan, NATO, Poland, Russia, UK, the UN. We’ve added Investment and Retrospectives categories to Insurance and Features. Listed headlines offer a quick read followed by the full edition.

USA

How will Trump lead on tech?
“As a user of the social media platform Twitter, Donald J. Trump, the 45th president of the United States, was able to drive media coverage and conversation about the campaign from his personal Android device.
Yet Trump famously does not use email or a computer.”

Incoming Intelligence Chief Dan Coats Calls Cyber Attacks Top Concern
“President-elect Donald Trump’s pick for director of national intelligence, former Indiana Sen. Dan Coats, said Thursday that cyber attacks — including email hacking and attacks on the nation’s political infrastructure — are among his chief concerns as he awaits Senate confirmation.”

The War for Cybersecurity Talents Hits the Hill
“Many analysts and business leaders believe there is a severe need for qualified cybersecurity professionals in the U.S., something that has caught the eye of at least one key congressman. U.S. House Homeland Security Committee Chairman Michael McCaul (R-Texas) on Wednesday said more needs to be done to address the cybersecurity labor shortage.”

Administration Finalizes Cyber Response Plan
“Since 2009, the U.S. government has been operating with an interim National Cyber Incident Response Plan that was based on the technology and governance structures of that time. Now, the country has a new and official NCIRP. The NCIRP is an extension of Presidential Policy Directive 41 issued in July 2016, which assigns the Department of Justice, the Department of Homeland Security and the Office of the Director of National Intelligence with specific tasks in response to a significant cyber incident.”

DHS Move on Election Security Unlikely to Survive Transition
“The controversial decision by the Department of Homeland Security to designate the nation’s election system as “critical infrastructure” has touched off a firestorm of opposition, and the incoming Trump administration has all but promised to overturn it. The designation adds the physical and digital property of countless state and county government offices to a special list of 16 categories of vital national industry — ranging from banking and telephones to water and sewage systems.”

Cyber Security Concerns Fuel Increased Job Demand in IT Sector
“According to research commissioned by IT recruitment firm Robert Half, demand for technology professionals specialised in IT and data security will dominate the technology job market, fuelled by increased concern in Australia’s IT sector over persistent cyber-security threats. More than half (58%) of Australia’s chief information officers (CIOs) say IT and data security is the key functional area within IT and technology which will create the most jobs over the next five years, and specific roles in high demand within the security space are cyber-security consultants, IT risk managers and IT risk and compliance managers.”

Baltics

Bill to Designate Cyberspace as Security Environment
“The Ministry of the Interior is seeking opinions on a draft document setting out Estonia’s security policy fundamentals, which designates cyberspace as another dimension of the security environment alongside land, territorial waters and airspace, reports LETA/BNS. The sub-chapter on cyber security sets out the principle that cyber security is organized uniformly and with the same structural solutions in both peacetime and war situation. Dependence on what happens in cyberspace transcends boundaries which further increases risks and vulnerability. Reducing vulnerability at all levels largely hinges on the people’s awareness and behavior to avoid cyber risks.”

China

“For all the attention it has attracted, Russian hacking is only the tip of the iceberg. A clear majority of hacks and attempted hacks into corporate and other private-sector entities have come from China. China has especially targeted USA’s manufacturing sector – thus jeopardizing one of the president-elect’s promises to “Make America Great Again” By restoring our manufacturing base. China is believed to have broken both U.S., and international law by hacking into U.S. companies and stealing intellectual property, the proprietary information and, trade secrets that are the basis of American manufacturing excellence. Then they produce and sell goods based on the stolen information.”

India

RBI Plans to increase Focus on IT and Cyber Security
“With the country’s financial services sector becoming increasingly sensitive to cyber-security issues in the backdrop of the Centre’s digital payments push, the Reserve Bank of India (RBI) through its arm Reserve Bank Information Technology Private Ltd (ReBIT), plans to increase its focus on IT and cyber security, including related research, of the financial sector and assist in IT systems audit and assessment of the RBI regulated entities such as banks, payments banks, wallets, among others.”

“In the darkened offices of a tech start-up, a handful of computer engineers sifts through a mountain of intelligence data that would normally be the work of a small army of Indian security agents. “’We use artificial intelligence (AI) to look for patterns in the past to predict future behaviour,’” says Tarun Wig as he explains why he hopes his company Innefu can do more business with India’s government. “’Cyber warfare isn’t a movie, it’s happening right now…. We lost out on the industrial revolution, we lost out on the defence revolution—let’s not lose out in the cyber revolution.’”

India Lags In Cybersecurity Preparedness and Awareness: Experts
“The Centre’s impetus to digital payments after demonetisation, announced on November 8, has propelled several sectors to increase their focus on cyber-security, which several industry experts believe should have been in place well before time considering the growing proliferation of internet services in various sections of the economy. This is highlighted by the fact that out of the 27 cyber risk advisories issued by the Indian Computer Emergency Response Team (CERT-In), 9 pertained to modes of digital payments such as mobile banking, electronic wallets, micro-ATMs and Unified Payments Interface.”

Israel

A Guide to CyberTech Israel 2017
“CyberTech Israel 2017, one of the country’s most prominent security trade shows, will be held in Tel Aviv from Jan. 30 to Feb. 1. There, security experts, researchers and vendors from all over the world will share the latest innovations and solutions with the international cybersecurity community. Traditionally, the event has been a unique meeting place for security professionals and enthusiasts to present recent achievements and upcoming plans. Panels typically include government officials, corporate leaders and security luminaries from around the world, all of whom are eager to share insights and key announcements.”

Japan

Japan Gropes for Cyberattack Solution as Victims Suffer in Silence
“Last November, chilling news made headlines nationwide — the internal communications network of the Defense Ministry and Self-Defense Forces had been hacked in September, possibly by another nation. According to Kyodo News, the Defense Information Infrastructure, the high-speed, high-capacity communications network linking SDF bases and camps, was compromised. Amid increasing concerns, Japan revised the Basic Cybersecurity Law last year, giving greater roles for the National Center of Incident Readiness and Strategy for Cybersecurity, dubbed “NISC,” which is in charge of developing Japan’s fundamental cybersecurity strategies. The revision was in response to cyberattacks against the Japan Pension Service that caused 1.25 million cases of potential data leakage.”

NATO

NATO: We Ward Off 500 Cyberattacks Each Month
“NATO warded off 500 cyberattacks each month in 2016, according to statistics compiled by the military alliance. “Our systems register over 500 million suspicious cyber events each day,” NATO spokesperson Oana Lungescu told CNN Thursday. She added that in 2016, NATO was subjected to an average of 500 cyberattacks per month that merited some kind of response, “an increase of roughly 60% over 2015.””

Poland

Polish Companies Increasingly Aware of Online Threats: Report
“Most Polish companies are not able to prevent breaches in their networks and the hackers are constantly two steps ahead of them. Tomasz Ferenc spoke to Michał Kurek, the Executive Director of EY’s Advanced Security Centre, and an expert in Cyber Security.”

Russia

Russia Ready to Rebuild Security Ties with US Under Trump: Putin Ally
“Russia is ready to resume cooperation with the United States on security issues such as the fight against terrorism and cyber crime, a close ally of President Vladimir Putin said, days before the inauguration of Donald Trump as president. Trump, who has praised Putin as “very smart”, has signaled he wants to improve strained ties with Russia, despite U.S. intelligence agencies alleging the Kremlin chief ordered a cyber campaign to discredit rival Hillary Clinton during the 2016 presidential race.”

UK

UK Government to Implement Cyber Security Directive
“The UK Government has recently published its ‘Cyber Security Regulation and Incentives Review’ in which it confirms that it will be implementing the European Network and Information Security Directive – more colloquially known as the Cyber Security Directive – regardless of Brexit. The other key points raised in the government’s review are listed in the article.”

UK’s Security Skills Shortage Second Worst Globally
“The UK has a cybersecurity skills gap second only to Israel, putting the country’s critical infrastructure and businesses potentially at risk, according to Indeed. The recruitment site analyzed the number of roles advertised versus the number of searches for those roles in Q3 2016 and found a huge difference in the extent of skills shortages around the world.”

GCHQ Seeks Teenage Girls to join Cyber Security Fight
“Teenage girls who spend a lot of time online and on social media could become the UK’s spies of the future, Britain’s intelligence agency hopes. GCHQ is launching a competition with the aim of encouraging more girls to think about a career in cyber security. Girls aged 13 to 15 will compete in tests that will also cover logic and coding, networking and cryptography.”

UK to Launch National Inquiry Over Cyber Security
“The government is set to conduct a national inquiry over cyber security in order to evaluate to what degree Britain is under threat from an increased number of global cyber attacks. The inquiry began just days after a claim was made by intelligence agencies in the US that Vladimir Putin was behind a plan to improve Donald Trump’s chances of becoming the next US president.”

UN

Maritime Cybersecurity Regulation on the Horizon
“Over the past year, various institutions and organizations—both domestic and international—have shown an interest in moving the increasingly prevalent cybersecurity conversation offshore. Domestically, both Congress and federal agencies have pushed to mandate cybersecurity measures for ships, ports, terminals, and offshore facilities. Internationally, a United Nations agency has issued new guidelines designed to enhance cybersecurity in worldwide shipping operations.”

Insurance

Cyber Insurance: Coming of Age in 2017?
“2016 was definitely the year of cyber insurance emergence. As large-scale attacks and disclosures of massive data breaches were reoccurring along the year, we realized once again that allocation tremendous efforts and resources to your cybersecurity defense does not provide any guarantee you won’t experience an incident. What to expect from 2017 in cyber insurance?”

UK Companies Taking On Cybersecurity-Related Insurance In Soaring Numbers
“There was a 50% growth in the adoption of cybersecurity-related insurance in the UK between 2015 and 2016. CFC Underwriting discovered the trend after polling industry representatives at the 2016 Cyber Symposium late last year. The underwriter, which provides cyber insurance to more than 20000 clients globally, found the factors driving clients to purchase these kinds of policies included the “fear factor” of a cyber attack (23%) and the impending introduction of the European General Data Protection Regulation in 2018 (26%).”

– Approximately 50% of PE CFOs view the right cybersecurity and automating processes as “must haves” in their operating models

– 92% of CFOs expect Millennials to stay less than five years and 51% of PE CFOs say retaining their talent is integral to their future success
Private equity chief financial officers (CFOs) are now looking to mature their operating model after focusing on implementing baseline technologies and hiring talent over the last few years to address regulation and investor demands. These raw materials have enabled CFOs to design a blueprint to build a better operating model in thefuture, according to EY’s 2017 global private equity CFO survey, Have yesterday’s challenges provided a foundation for tomorrow’s success?”

Features

A quick tour of Eastern Europe’s startup hubs
“Startups in Warsaw, Krakow, Prague, Budapest, Bratislava, Tallinn, Riga, or Vilnius don’t attract as much capital as the ones located in the top hubs in Europe — London, Amsterdam, or Berlin — but these Eastern European tech hubs are on the rise, and early stage investment in the region has surged from $10 million to $283 million in just five years.” [Referred by ICD Brief Subscriber Aleksandar Nenov, E-Resident Entrepreneur, Founder and Owner of CLOUDWEBOPS OÜ, Cloud Technology Advisor, AWS Community Hero] Estonia

Retrospectives

DHS: We Won Cyber Turf Wars Under Obama
“This is the second article in a three-part series on President Barack Obama’s record on cybersecurity issues. Click here for part one, an interview with the Department of Defense’s Aaron Hughes and here for part three, with the White House’s Michael Daniel.
The government shut down two weeks after Phyllis Schneck started as the Department of Homeland Security’s deputy undersecretary for National Protection and Programs in September 2013. So she had a lot of time to read and think about one of the big questions that faced her right away — the future of one of DHS’s marquee cybersecurity efforts, the network monitoring program called Einstein.”

Evaluating the US-China Cybersecurity Agreement, Part 1: The US Approach to Cyberspace
“Part one of this three-part series showed how differing approaches to their respective national interests drove China and the United States to contrasting views on the implementation of cyber policies and explored the U.S. position as well as the 2015 agreement between the two states. Part two details China’s approach to cyberspace and cybersecurity. Part three will conclude by reviewing reactions to the agreement, and assessing its success to date and its longer-term prospects. Part three concludes by reviewing reactions to the agreement, and assessing its success to date and its longer-term prospects.”